Hi there,

I'm integrating a number of e-comm sites into different banks and decided the easiest method was to add in the dotnetcharge (www.dotnetcharge.com) library. It works well and means I can keep much of my code the same for each bank type and transaction. However, their support is a bit sucky (4 emails sent, 1 reply) and I'm utterly baffled on the 3D Secure issue.

Does anyone have experience with dotnetcharge and 3D Secure? I have set the MerchantURL and the actual 3D Secure screen comes up - but I'm unsure how to get the system to 'flow' properly. Does anyone have any code examples or even pointers in the right direction? Failing that, does anyone know how to make support respond!

This particular integration is with SagePay, which also has God-awful documentation and support.

Code for reference is as follows;

        Dim Amount As Decimal = ordertotal
        ' ApplySecure3D options:
        ' 0 = If 3D-Secure checks are possible and rules allow, perform the checks and apply the authorization rules. 
        ' 1 = Force 3D-Secure checks for this transaction only (if your account is 3D-enabled) and apply rules for authorization.
        ' 2 = Do not perform 3D-Secure checks for this transaction only and always authorize.
        ' 3 = Force 3D-Secure checks for this transaction (if your account is 3D-enabled) but ALWAYS obtain an auth code, irrespective of rule base.
        Dim ProtxLogin As String = "xxx"
        Dim ProtxPassword As String = "xxx"
        Dim ProtxApply3DSecure As Integer = 1
        Dim ProtxMerchantURL As String = "https://www.mydomain.com/processing/"

        Dim Number As String = txtCardNo.Text '//luhn/mod10 here.
        Dim AVS As String = txtCVN.Text
        Dim DD As String = "01"
        Dim MM As String = ddlValidTo_month.SelectedValue.ToString()
        Dim YY As String = ddlValidTo_year.SelectedValue.ToString()

        Dim ProcessingResult As Integer = 0
        Dim Protx As New dotnetCHARGE.CC()

        Protx.Login = ProtxLogin
        Protx.Password = ProtxPassword
        Protx.ApplySecure3D = ProtxApply3DSecure
        Protx.MerchantUrl = ProtxMerchantURL

        Dim AVSResponse As String = ""
        Dim CVV2 As String = ""

        Protx.OrderID = GoogleOrderNumber
        Protx.Month = MM
        Protx.Year = YY
        Protx.TransactionType = dotnetCHARGE.TransactionType.Sale
        Protx.Amount = ordertotal
        Protx.Number = Number
        Protx.Currency = "GBP"
        Protx.CustomerID = CustomerId
        '//loads of params removed for brevity
        Protx.ClientIP = Request.UserHostAddress.ToString()
        Protx.CardType = ddlCardType.SelectedValue.ToString()
        Protx.Description = "My Order"
        Protx.Code = AVS
        Protx.TestMode = True
        Protx.TransactionType = dotnetCHARGE.TransactionType.Sale

        ProcessingResult = Protx.Charge(Processor.Protx)

Help appreciated.

A: 

I decided to return to this question to explain how the final result was achieved. Hopefully some SO users will find it useful.

To achieve the correct 'flow' you'll need two pages. You won't realistically be able to do the whole transaction processing in a single page. The first page will have the card entry details; card number, expiry date, CVN, billing address etc. On hitting pay/submit I'd recommend saving the transaction to your datasource as 'unprocessed' or something similar. Once all your details are saved - no card processing done thus far - redirect with HTTPS to the second page.

Your customer may never know this page exists depending on how you set this up. The second page will have the .netCharge code within it as in my question and process the card. When 3D secure is enabled (.Apply3DSecure = 1), the customer will be redirected to their bank to enter some further details and it will return to this second page. It doesn't behave like a postback or a refresh, so do not worry about a returning call to the page processing twice. You will receive 1 of 3 possible statuses; Authorised, Error and Declined. Your page can redirect to further necessary pages (therefore the customer never knows this middle page exists) or display the results directly on this processing page.

There is one final 'gotcha', which you'll see very quickly. The second page (the processing page) needs the card details to actually process. You can't just pass card details on a form or even a querystring, that's irresponsible. .netCharge comes with an .Encrypt and .Decrypt function; just pass it the value to encrypt and a hash of some sort and save these details temporarily on the first page, read and decrypt on the second page and then remove them. This means the details are secure, are saved for less than 5 seconds in most cases and you have no exposure because they are destroyed.

I hope this helps - if anyone has any questions, just give me a shout.

Chris Laythorpe
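
One way to build the temporary hand-off between the two pages described in the answer above, as an added example that is not from the original post and does not use dotnetCHARGE's own .Encrypt/.Decrypt. It assumes ASP.NET 4.5 or later (`MachineKey.Protect`, `HttpRuntime.Cache`) on a single web server; the class name `CardHandoff`, the 60-second lifetime and the `handoff:` key prefix are hypothetical.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text
Imports System.Web
Imports System.Web.Caching
Imports System.Web.Security

' Hypothetical helper (not part of dotnetCHARGE): one-time, short-lived,
' encrypted hand-off of card fields from the entry page to the processing page.
Public NotInheritable Class CardHandoff
    Private Const Purpose As String = "CardHandoff"   ' assumed purpose label
    Private Const TtlSeconds As Integer = 60          ' assumed maximum lifetime

    Private Sub New()
    End Sub

    ' Page 1: encrypt the fields, hold them in server memory, return a random token.
    Public Shared Function Store(cardNumber As String, expiry As String, cvn As String) As String
        Dim raw(31) As Byte                            ' 32 random bytes
        Using rng As New RNGCryptoServiceProvider()
            rng.GetBytes(raw)
        End Using
        Dim token As String = BitConverter.ToString(raw).Replace("-", "")

        Dim plain As Byte() = Encoding.UTF8.GetBytes(String.Join("|", cardNumber, expiry, cvn))
        ' Protect() encrypts and authenticates; the token is bound in as a purpose,
        ' so a blob stored under one token cannot be unprotected under another.
        Dim blob As Byte() = MachineKey.Protect(plain, Purpose, token)

        ' Absolute expiry: the entry disappears even if page 2 is never reached.
        HttpRuntime.Cache.Insert("handoff:" & token, blob, Nothing,
                                 DateTime.UtcNow.AddSeconds(TtlSeconds), Cache.NoSlidingExpiration)
        Return token
    End Function

    ' Page 2: Remove() returns the entry and deletes it in one call, so a token
    ' works once. Returns Nothing if it is unknown, expired, used or tampered with.
    Public Shared Function Consume(token As String) As String()
        If String.IsNullOrEmpty(token) Then Return Nothing
        Dim blob As Byte() = TryCast(HttpRuntime.Cache.Remove("handoff:" & token), Byte())
        If blob Is Nothing Then Return Nothing
        Try
            Return Encoding.UTF8.GetString(MachineKey.Unprotect(blob, Purpose, token)).Split("|"c)
        Catch ex As CryptographicException
            Return Nothing
        End Try
    End Function
End Class
```

Carry the token from the first page to the second in `Session` rather than in the URL, and treat a `Nothing` result on the processing page as "send the customer back to card entry".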